From 69b2d75fc7d5f92b6e7c9f7c1aaf50b04becfe38 Mon Sep 17 00:00:00 2001 From: Barry Warsaw Date: Thu, 15 Nov 2001 23:55:12 +0000 Subject: [PATCH] A few minor updates to make it clear(er) that pickle should be used instead of marshal for object serialization. Fred, please proofread! --- Doc/lib/libmarshal.tex | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/Doc/lib/libmarshal.tex b/Doc/lib/libmarshal.tex index 013e7f83125..74770fcf4b1 100644 --- a/Doc/lib/libmarshal.tex +++ b/Doc/lib/libmarshal.tex @@ -1,5 +1,5 @@ \section{\module{marshal} --- - Alternate Python object serialization} + Internal Python object serialization} \declaremodule{builtin}{marshal} \modulesynopsis{Convert Python objects to streams of bytes and back @@ -23,7 +23,13 @@ This is not a general ``persistence'' module. For general persistence and transfer of Python objects through RPC calls, see the modules \refmodule{pickle} and \refmodule{shelve}. The \module{marshal} module exists mainly to support reading and writing the ``pseudo-compiled'' code for -Python modules of \file{.pyc} files. +Python modules of \file{.pyc} files. Therefore, the Python +maintainers reserve the right to modify the marshal format in backward +incompatible ways should the need arise. If you're serializing and +de-serializing Python objects, use the \module{pickle} module. There +may also be unknown security problems with +\module{marshal}\footnote{As opposed to the known security issues in +the \module{pickle} module!}. \refstmodindex{pickle} \refstmodindex{shelve} \obindex{code}